CVE-2018-7950
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the administrator's password. Successful exploitation may allow attackers to obtain management privileges on the system.
Affected (20)
Products: Huawei: 1288h V5 Firmware, 2288h V5 Firmware, 2488 V5 Firmware, Ch121 V3 Firmware, Ch121l V3 Firmware, Ch121l V5 Firmware, Ch121 V5 Firmware, Ch140 V3 Firmware, Ch140l V3 Firmware, Ch220 V3 Firmware, Ch222 V3 Firmware, Ch242 V3 Firmware, Ch242 V5 Firmware, Rh1288 V3 Firmware, Rh2288 V3 Firmware, Xh310 V3 Firmware, Xh321 V3 Firmware, Xh321 V5 Firmware, Rh2288h V3 Firmware, Xh620 V3 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r005c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei 1288h V5 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r005c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei 2288h V5 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r005c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei 2488 V5 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch121 V3 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch121l V3 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch121l V5 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch121 V5 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch140 V3 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch140l V3 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch220 V3 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch222 V3 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch242 V3 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch242 V5 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Rh1288 V3 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Rh2288 V3 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Xh310 V3 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Xh321 V3 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r005c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Xh321 V5 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Rh2288h V3 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Xh620 V3 | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory